Posted by: David Harley | September 22, 2015

Looking Out For XcodeGhost

While Apple has removed a number of compromised apps from the App Store, security company Lookout has compiled a list of apps known to be affected, plus others that it is actively investigating. iGadget users who acquire apps more frequently than I do might well find it worth to keep an eye on it.

Lookout makes a fair point about the limitations imposed on security apps by Apple’s security model for iOS, which not only rules out on-access scanning (an essential component of mainstream anti-malware on other platforms) but also makes passive scanning for the presence of malicious apps on the device harder. Lookout says:

Unfortunately due to limitations Apple has placed on apps on the iOS platform Lookout Mobile Security for consumers is not able to detect whether you have an infected app installed.

While Lookout remains available from the App Store, Apple effectively killed off development of at least one mainstream anti-malware product by removing it from the App Store some months ago, so that engine updates were no longer available. Intego indicated that theirs was not the only product affected, though offhand I can’t think of a mainstream product for iOS that was as close to a conventional (albeit only on-demand) scanner as Intego’s was. John Leyden commented for The Register at the time:

It seems Apple is acting in the belief that antivirus apps for iOS are either unnecessary or create the wrong impression. (You can read about the security in iOS here, as a PDF.)

Will Apple reconsider that belief (if Leyden is correct) in the light of the number of apps (at least 350, according to Qihoo360) and users (hundreds of millions, according to Palo Alto) affected? I suspect that it will take the company some time to get its head round the idea that there could ever be (jailbroken devices apart) unequivocally malicious programs lurking on an iGadget or in the App Store.

David Harley


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: